On Thu, Dec 11, 2014 at 6:53 PM, David R. Andersen <k0rx at rxcomm.net> wrote:
> Lots of hating on plausible deniability on this list...
>> I can think of a number of use-cases where deniability is important - none
> of which involve lying in court or sociopathy
> or ... One example:
>> When I purchased my last car, I engaged in negotiation
> regarding its price. That negotiation involved some
> back-and-forth communication between myself and the
> dealership. Its my feeling that it would be inappropriate
> for the dealership to be able to turn to a third party
> and say "here's an undeniable transcript of Dave's
> negotiation with us," and I suspect the dealership would
> feel the same way. Deniability to third parties is
> important in at least some negotiations.
[...]
Other examples in this spirit - you asked for a car with high maximum
speed. You said you don't care much about security ratings. This gets
forwarded to a data broker (look up the term) who sells it to your
insurance company - and you can't deny you said it! Boom, your
insurance costs just doubled.
And as you mentioned, the dealership can get in trouble too. Many
companies that protect their brand have all kinds of contracts and
NDA's around MSRP with retailers, which among others means sale prices
can't be published. This allows them to set their own margins and
provide low prices for chosen retailers that advertise them well, and
higher prices for others. Having a provable transcript of a
conversation declaring the exact margins and terms would lose that
retailer their contract and would make negotiations harder for the
company, and their brand could likely get a hit.
Discussing job options. While not having told your boss about your
plans to leave. Sometimes you have very good reasons to not let them
know a thing until after your new job position is secured.
Dealing with bullies in general. So 98% of all schools (and probably
close to as many work places) will have somebody who'd abuse the
ability to prove the contents of the log. Imagine somebody framing
somebody by bulling them IRL using seemingly innocent phrases told in
a mean manner. This gets repeated without that context in a chat. The
angry response gets forwarded to some authoritive person who'll
interpret it as the recipient being the one who initiated the fight.
This isn't even slightly unlikely - if they think it can be (ab)used,
they'll try. This happens already with everything from notes to trying
to make people say something bad as a teacher/boss/etc is approaching.
Don't leave people without other options online!
Journalists have already been mentioned. This usecase alone is enough
for me to be willing to demand that this feature is included by
default everywhere. Journalists don't want to use specialized tools
that nobody else uses except when trying to figure out how to securely
contact a journalist. No, the default tools that everybody use should
be secure enough. An insider should be able to claim he is being
framed if the transcript gets published and the fingers are pointed at
him (see Snowden, Manning and others), and deniability means it is
nothing but word against word (or against rumor) rather than
undeniable proof. The mere fact that he used a tool that supports
deniability should not be worth considering as evidence against him,
something which only is possible if it is commonplace already.
One very very important thing to remember - deniability is not the
equivalent of seatbelts, unlike what Eleanor implies when saying that
the user has to prepare for it.
No, it is more like crumple zones - when shit happens, it reduces your
risk of getting hurt, even though it doesn't guarantee anything by
itself, and you don't have to know it exists in advance.